2008 McAfee, Inc. McAfee SafeBoot Security SafeBoot Installation McAfee World-wide Learning and Development 2007 McAfee, Inc. Copyright 2008 McAfee, Inc. All Rights Reserved. Copyright 2008 McAfee, Inc. All Rights Reserved. The training information provided herein is the property of McAfee, Inc., and is intended for the sole use of the individual or organization purchasing the training. Distribution of the training material outside of the purchasing organization is strictly prohibited. All information contained herein is subject to change without notice. McAfee is not responsible for errors or damages of any kind resulting fromuse of the information contained herein. Every effort has been made to ensure the accuracy of information presented as factual; however errors may exist. Users are directed to countercheck facts when considering their use in other applications. McAfee is not responsible for the content or functionality of any technology resource not owned by the company. The statements, comments, or opinions expressed by users through use of McAfees technology resources are those of their respective authors, who are solely responsible for them, and do not necessarily represent the views of McAfee, Inc. and/or its affiliates. 2 2/21/2008 2007 McAfee, Inc. Objectives At the end of this section, the student will be able to; Install the SafeBoot Management Center, including the SafeBoot Server and SafeBoot Object Directory Configure the SafeBoot system for use Create and configure users Create and configure machines Create client installation sets Install SafeBoot Device Encryption client, and SafeBoot Content Encryption client Test SafeBoot installations At the end of this section, the student will be able to; Install the SafeBoot Management Center, including the SafeBoot Server and SafeBoot Object Directory Configure the SafeBoot system for use Create and configure users Create and configure machines Create client installation sets Install SafeBoot Device Encryption client, and SafeBoot Content Encryption client Test SafeBoot installations 4 2007 McAfee, Inc. 1. Installation McAfee SafeBoot Security 2007 McAfee, Inc. SafeBoot Installation Sequence of Events Installation is order-dependent 1. Install the SafeBoot Management Center 2. Create the Object Directory database 3. Create the SafeBoot Server Application 4. Add users to system 5. Setup machine configurations 6. Create Installation Sets 7. Install SafeBoot clients 8. Test The installation and setup of SafeBoot is order-dependent and must be done in the following sequence: 1. Install the SafeBoot Management Center 2. Create the object database 3. Create the SafeBoot Server Application 4. Add Users to the System 5. Set Up Machine Configurations 6. Create Installation Sets 7. Install the SafeBoot installClient(s) 8. Test the System 2007 McAfee, Inc. Installing SafeBoot Management Center Insert SafeBoot CD Run setup.exe Enter Product Code Read/approve License Agreement Determine program files to be installed Choose encryption algorithm Make token selections or deselect Make Smart Card reader selections or deselect Select Client software Select Themes Select Languages Click Next verify selections Click Next to create the installation set Setup Wizard Completewill appear SafeBoot Management Center provides centralized management of the entire SafeBoot network of users and machines. 1. When you insert the SafeBoot Disk into the CD drive, the various program file folders are displayed. 2. Select the setup.exefile to start. The Welcome to SafeBoot Installation screen will appear. Click Next. 3. Enter your product code. The product code will arrive separately from the installation CD, usually via email. Contact your SafeBoot sales representative if you need further clarification or you lose your product code. 4. Read and approve the license agreement, click Yes to proceed. 5. Determine where you want the program files to be installed. Click Next. 6. Choose an encryption algorithm. If you are unsure, or have nopreference, then select the default AES (FIPS 256) or the algorithm that matches your companys security policies. 7. There are many types of components that you can select from the Optional Components window: a. Tokens: If you are not using physical tokens, uncheck all boxes for this option. Otherwise, select the type of device used to store the token. b. Smart Card Readers: If you plan to use hardware devices to store tokens, you will need to select the type of reader to be used on both the administration system and the client systems. Deselect all the readers if they are not required. c. SafeBoot Device Encryption: Deselect this option if you are not installing Device Encryption. d. Device Encryption Themes: Select the pre-boot graphic theme you would like to appear on your client machines. Note: you can insert your own graphics. Contact SafeBoot for further instruction. e. Device Encryption / Content Encryption Client Languages: SafeBoot supports multiple languages. Specify the language, or languages, required for your client machines. When you have selected your components click on Next. Continued Next Slide 2007 McAfee, Inc. Installing SafeBoot Management Center Insert SafeBoot CD Run setup.exe Enter Product Code Read/approve License Agreement Determine program files to be installed Choose encryption algorithm Make token selections or deselect Make Smart Card reader selections or deselect Select Client software Select Themes Select Languages Click Next verify selections Click Next to create the installation set Setup Wizard Completewill appear Continued From Previous 8. The Start Copying Files window provides you with the opportunity to review your choices before actually installing the SafeBoot software. Review this list carefully. a. If you want to make changes, simply hit the Back button until you get to the appropriate window. b. Make your changes. c. Continue to click the Next button until you reach the Start Copying Files screen. If you wish, review your configuration again. 9. Click on Next to create the installation set. This takes just a couple of minutes. 10.SafeBoot will display the Setup Wizard Complete when the installation has finished. Click the Finish button to complete the process. 11.Restart the computer if required. 2007 McAfee, Inc. Installation Product Code Product Code will activate the different SafeBoot Products Enter your product code. The customers product code will arrive separately from installation CD, usually via email. 2007 McAfee, Inc. Installation License Agreement Click Yes on the License agreement. 2007 McAfee, Inc. Installation Program Destination Select the location where you want SafeBoot installed. 2007 McAfee, Inc. Installation Algorithm choice During Installation the customer can choose the algorithm appropriate for their environment Choose an encryption algorithm. If you are unsure, or have no preference, then select the default AES (FIPS 256) or the algorithm that matches your companys security policies. 2/21/2008 12 2007 McAfee, Inc. Installation - Components Tokens: If you are not using physical tokens, uncheck all boxes for this option. Otherwise, select the type of device used to store the token There are many types of components that you can select from the Optional Components window: a. Tokens: If you are not using physical tokens, uncheck all boxes for this option. Otherwise, select the type of device used to store the token. 2/21/2008 13 2007 McAfee, Inc. Installation - Components Smart Card Readers: If you use hardware devices to store tokens, select the type of reader to be used on both administration system and client systems. Deselect all the readers if they are not required b. Smart Card Readers: If you plan to use hardware devices to store tokens, you will need to select the type of reader to be used on both the administration system and the client systems. Deselect all the readers if they are not required. 2/21/2008 14 2007 McAfee, Inc. Installation - Components Device Encryption Client Languages: SafeBoot supports multiple languages. Specify the language, or languages, required for your clients c. Device Encryption Client Languages: SafeBoot supports multiple languages. Specify the language, or languages, required for your clients. 2/21/2008 15 2007 McAfee, Inc. Installation - Components Content Encryption Client Languages: SafeBoot supports multiple languages. Specify the language, or languages, required for your clients Content Encryption Client Languages: SafeBoot supports multiple languages. Specify the language, or languages, required for your clients. 2007 McAfee, Inc. Installation Start Copying Files Verify the components to install and click Next. 2007 McAfee, Inc. Installation Setup Status The Setup Status dialog will appear showing the progress of the installation. 2007 McAfee, Inc. Installation Setup Complete The Setup Wizard Complete dialog will appear once SafeBoot has completed installing. Click Finish. 2007 McAfee, Inc. Installation Create the Object Directory Object Directory database a.k.a. SafeBoot Administration database Required to store security information for SafeBoot One-time setup requirement Run SafeBoot Admin Console Select Start Select Programs Select SafeBoot Administration Tools Select SafeBoot Administration To use the SafeBoot Management Centre, you must first configure the SafeBoot Administration Database (Object Directory database). The object database is a repository for all the security information (keys, policies, etc.) used in SafeBoot. The SafeBoot Administration System (SBAdmin) provides the interface for configuring this database. The SafeBoot Administration Database and the SafeBoot Management Centre tools must reside on the same computer. Creating the object database is a one-time setup requirement. The only time you will be given the option to create the database is the first time you run the SafeBoot Administration Tools. To start the process: 1. Click the Start menu. 2. Select Programs. 3. Select "SafeBoot Administration Tools. 4. Select SafeBoot Administration. 2007 McAfee, Inc. Installation Create Object Directory The Create SafeBoot Database dialog will appear. Select the default Description and Driver. Set the data path as desired, or use the default path. Click Next. 2007 McAfee, Inc. Installation User and Machine Groups SafeBoot creates several logical groups by default You can add, edit, or remove groups during Object Directory creation As with many network applications, you can define users individually or within groups. The same concept applies to SafeBoot users and machines (devices) that are attached to the network. SafeBoot creates several default groups during installation. If you want, you can add, edit or remove groups when creating the Object Directory. 2007 McAfee, Inc. Installation Set SafeBoot Administrator SbAdmin is default root administrator name Enter and re-enter administrative password for the root administrator NOTE: Because hardware tokens were deselected, Password Only Token is the only available option SbAdminis default root administrator name and it will automatically appear in the Root User dialog box. Enter and re-enter administrative password for the root administrator here. This will be the Root Administrator login moving forward. NOTE: Because hardware tokens were deselected during the component selection, Password Only Token is the only available option for token on our screen. 2007 McAfee, Inc. Installation Program Files / File Groups SafeBoot program (and other) files can be stored in Object Directory Used for updating install sets to client machines SafeBoot program files, as well as other program files, can be stored within the SafeBoot Object Directory. This simplifies the distribution and updating of install sets for client machines. The Program Files dialog lists all of the files that should be stored within the object database. Accept the list that is presented by clicking Next. You can add, edit or remove program files by selecting the appropriate buttons. 2007 McAfee, Inc. Installation Create New Database Click Finish on the Create New Database dialog. The SafeBoot Object Directory database will be created and the status will display in the Creation Status window. 2007 McAfee, Inc. Installation Create New Database Once the Object Directory has been created, the Database creation complete dialog will appear. Click OK. 2007 McAfee, Inc. Installation Login to the Object Directory You will be prompted to authenticate with the new Object Directory Login with the root administrator credentials created earlier, by default SbAdmin Once authenticated, the SafeBoot Administration Console will launch You will be prompted to authenticate with the new Object Directory Login with the root administrator credentials created earlier, by default SbAdmin. Once authenticated, the SafeBoot Administration Console will launch. 2007 McAfee, Inc. Installation SafeBoot Administration Console SafeBoot Administration Console 2007 McAfee, Inc. Installation SafeBoot Server To create the SafeBoot Server; In the Admin Console, select the System Tab Expand the SafeBoot Server group tree in the left navigation pane Double-click on SafeBoot Servers Right-click in the SafeBoot Server Groups window and select New Server The SafeBoot system requires a communication server to handle the exchange between the client machines and the SafeBoot Object Directory. To create this server: In order to create the SafeBoot Server; 1. In the Administration Console, select the System Tab 2. Expand the SafeBoot Server group tree in the left navigation pane 3. Double-click on SafeBoot Servers 4. Right-click in the SafeBoot Server Groups window and select New Server 2007 McAfee, Inc. Installation New Server Enter the information for the new server; Name IP Address (if needed) Port (if needed) Diffie-Hellman key size Server Description Add to available database connections Enter the information for the new server; Name the server IP Address (if needed) Port (if needed) SafeBoot Server uses 5555 by default Diffie-Hellman key size Server Description Add to available database connections. Click OK and the Creating SafeBoot Server dialog appears as the server keys are generated. This process can take a few minutes. 2007 McAfee, Inc. Installation New Server The new server will appear in the SafeBoot Server Groups window The new server will appear in the SafeBoot Server Groups window 2007 McAfee, Inc. Installation Start SafeBoot Server In order to start the SafeBoot Server; Select Start Select Programs Select SafeBoot Administration Tools Select SafeBoot Database Server In order to start the SafeBoot Server; Select Start Select Programs Select SafeBoot Administration Tools Select SafeBoot Database Server 2007 McAfee, Inc. Installation Start SafeBoot Server Authenticate with the root administrator credentials Select the Server configuration to use Authenticate with the root administrator credentials created previously. Next, select the configuration to use for this server. In this example, there is only one configuration created and it is the default. You may want to choose Use these settings automatically if you will always use this configuration for this server. 2007 McAfee, Inc. Installation SafeBoot Server Window The SafeBoot Database Server window will open The SafeBoot Database Server window will open. 2007 McAfee, Inc. Installation Start SafeBoot Server as a Service To configure the SafeBoot Server to start as a service; In the SafeBoot Database Server, select File ->Start Service Verify that you wish to start as a service To configure the SafeBoot Server to start as a service; In the SafeBoot Database Server, select File ->Start Service Verify that you wish to start the SafeBoot Server as a service. 2007 McAfee, Inc. Installation Server Service Once complete you will see SbDbServer.exe in Task Manager Appears as Automatic service in Windows Services Once you have verified that you want to start SafeBoot Server asa service, you will see the SbDbServer.exeprocess in Task Manager. The SafeBoot Database Server is listedin Windows Services with automatic start-up. 2007 McAfee, Inc. Installation Create Users To create users; In the SafeBoot Administration Console, on the Users tab, expand SafeBoot User Groups Double-click a user group, for example, SafeBoot Users Right-click in the user group window and select Create User All users need accounts Windows Mobile devices are treated as machines All users of the SafeBoot system need their own account, with the exception of Windows mobile devices, as these are treated as machines. 2007 McAfee, Inc. Installation Create Users Create User dialog displays Enter user name this will be their SafeBoot Login name Add identifying information for HelpDesk To complete the process, the Create User window is displayed. a. Enter a name for the user. They will use this to log in. b. Add identifying information for authenticating a user when they need assistance from the helpdesk. c. The identifying information can be edited or cleared when required. 2007 McAfee, Inc. Installation Create Users The new user will appear in the User Group Window The new user will appear in the User Group Window. 2007 McAfee, Inc. Installation New User Properties To view/modify user properties, right-click on the user entry in the User Group window, and select Properties To view/modify user properties, right-click on the user entry in the User Group window, and select Properties. 2007 McAfee, Inc. Installation New User Properties The User Properties dialog displays Note attribute categories in left pane The User Properties dialog will display showing the users attribute information. Note the attribute category icons in the left navigation pane that allow you to view several different areas of user attributes. 2007 McAfee, Inc. Installation New User Properties Select the Admin Rights icon Set the appropriate Administration Level for this user (recommend 1 for normal users) If you select the Admin Rights icon in the navigation pane, you can set the appropriate Administration Level for this user. We recommend a level of 1 for normal users. 2007 McAfee, Inc. Installation Setup Machine Groups Select Devices Tab Expand Machine Groups tree Double-click machine group Right-click in group window, select Create machine The next step is to create a machine group and set its configuration: From the SafeBoot Administration Console, select the Devices tab Expand the SafeBoot Machines Groups tree Double-click the SafeBoot Machines group this will open the SafeBoot Machine Group window Right-click in the SafeBoot Machine Group window and select Create Machine 2007 McAfee, Inc. Installation Create New Machine The Create New Machine dialog appears Enter the machine name Enter a description if desired The Create New Machine dialog will appear. Enter the name of themachine to add to the group, and a description if desired. Click OK. 2007 McAfee, Inc. Installation Machine Groups The new machine will appear in the machine group window The new machine will appear in the machine group window, in thiscase, the SafeBoot Machines group. 2007 McAfee, Inc. Installation Machine Properties To view the properties for the machine, right- click and select Properties The machine properties window appears To view the properties of the machine, right-click the machine entry in the group window and select Properties. The properties window for the selected machine will appear. 2007 McAfee, Inc. Installation Machine Properties Select the Options that you want to enforce for this machine Click Apply Close In the machine properties window, select the SafeBoot Option that you want to enforce for this machine in the Option window, and click Apply. Close the properties window. 2007 McAfee, Inc. Installation Add Users to Machine Groups Add user(s) to machines Right-click the machine group and select Properties Users must be added to a machine group in order to log in to a protected machine. You can add individual users or the entire group of users to a machine group. To add users to a machine group, right-click the machine group in the navigation pane and select Properties. 2007 McAfee, Inc. Installation Add Users to Machine Groups Select the group, or user(s) to add and click OK Click Apply In group properties, select Users Click Add Select User Group, or user and click OK Once the machine group properties window appears, Select the User category and Click the Add button. To add an entire user group, select the group and click Ok. To add one user at a time, select the group from the object tree and choose the user from the right hand pane of the Select Users window. 2007 McAfee, Inc. Installation Add Users to Machine Groups The user will appear in the users list of the machine group properties window The user will appear in the users list of the machine group properties window. 2007 McAfee, Inc. Installation Create DE Client Installation Sets Client files for install set reside in Object Directory From Admin Console; On the Devices tab, right- click the machine group Select, Create installation set For Device Encryption The files necessary for creating the install set are located in the SafeBoot Administration Database. The install set is associated with the machine level functions. From the SafeBoot Administrator window: On the Devices tab, right-click the machine group you are creating the installation set for Select Create Installation Set 2007 McAfee, Inc. Installation Create DE Client Installation Sets Select Online or Offline installation Since we have a communication server, select Online Object Directory must be available to client for Online install In a previous step, we set up a communications server, so we usethe Online install method. The client machine must be able to access the SafeBoot Object Directory at install for Online installations. 2007 McAfee, Inc. Installation Create DE Client Installation Sets Select the SafeBoot communication server the client should use Check the server created to handle the communications between client machines and the SafeBoot Administration Database. Click Next. Keep in mind that this server will be remote from the clients. You need to create an install set for each machine group that you have created. In large scale network installations you may have more than one server running. Clients will select the best connection from the available servers to perform the synchronization function. 2007 McAfee, Inc. Installation Create DE Client Installation Sets Set install set file path Select client installation path Note silent install and restart options Click Finish On the Create Install Set dialog, you can set the path where theinstall set files will be created, as well as the client installation path. Note that you can also option a silent install and automatic client restart. For testing, DO NOT select either the Silent Installation option or the Automatic Restart. You will want to monitor the install, and selecting either of these options does not allow you to monitor the success of the installation. Click Finish. 2007 McAfee, Inc. Installation Create DE Client Installation Sets You will see SafeBoot performing the Installation Set creation in the status window You will see SafeBoot performing the Installation Set creation in the status window. Once the Install Set Creation Complete dialog displays, the installation set files have been written to the install set path specified. Click OK. 2007 McAfee, Inc. Installation Create DE Client Installation Sets SafeBoot DE Installation Set file; SAFEBOOT5x.exe Located in the folder specified in the Create Install Set dialog Distribute via CD, network share, login script, etc. or use with MSI wrapper The SafeBoot Device Encryption for PC installation set file, SAFEBOOT5x.EXE will appear in the folder specified previously. This file can be written to CD or other removable storage and manually installed on the machines, or, installed by other distribution method such as logon scripts, network shares, or provided with an msi wrapper for use with 3 rd party software distribution systems. 2007 McAfee, Inc. Installation Create CE Client Installation Sets Client files for install set reside in Object Directory From Admin Console; On the Policies tab, right- click the policy group Select, Create installation set For Content Encryption The files necessary for creating the install set are located in the SafeBoot Administration Database. From the SafeBoot Administrator window: On the Policies tab, right-click the policy group you are creating the installation set for. Select Create Installation Set 2007 McAfee, Inc. Installation Create CE Client Installation Sets Select the file groups you want to include in the client Select what file groups you want to include in the client. For abasic test installation, only select SafeBoot Content Encryption for PC client files. 2007 McAfee, Inc. Installation Create CE Client Installation Sets Select the SafeBoot communication server the client should use Select what SafeBoot communication server shall be used by the client. 2007 McAfee, Inc. Installation Create CE Client Installation Sets Set install set file path Set client installation path Note uninstall password option Note silent install and automatic restart options Set the path where the Content Encryption installation set file should be created Set the client installation path Note that you can specify a required password for uninstalling the client Note the Silent install and automatic restart options. Do not use these options for test installations. Click Finish. 2007 McAfee, Inc. Installation Create CE Client Installation Sets The install set creation status will display in the window. Install set creation complete dialog appears once the install set file has been created. 2007 McAfee, Inc. Installation Create CE Client Installation Sets SBCE.EXE SafeBoot Content Encryption install set file appears in the specified folder Distribute via CD, network share, login script, etc. or use with MSI wrapper The SBCE.EXE install set file for Content Encryption appears in the folder specified previously. This file can be written to CD or other removable storage and manually installed on the machines, or, installed by other distribution method such as logon scripts, network shares, or provided with an msi wrapper for use with 3 rd party software distribution systems. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE Encryption keys are used to mathematically scramble data Client must have access to key to decrypt data Keys needed for each group of users Example: Human Resources key available to HR members only Many keys can be created depending upon security needs H R H R Encryption keys mathematically scramble data so that it cannot be read. Without access to the encryption key the information cannot be read. SafeBoot Content Encryption requires encryption keys for each group of users that will share restricted data. For example, if Human Resources wants to encrypt the information on their network shares to protect it from all other departments, an encryption key for HR will have to be created and distributed to each HR employee. You can create many keys to protect different classes of data, depending upon your security requirements. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE To create a new encryption key; First, create a new Encryption Keys group Navigate to the Policies tab in the SafeBoot Administration Console Right-click on the Encryption Keys Groups node, select Create Group Enter Group name & Description To create a new encryption key, you must first create an Encryption Keys group. Navigate to the Policies tab in the SafeBoot Administrator. Right-click on the Encryption Keys Groups node and select Create Group. The New Group dialog appears, enter a name and description for the new Encryption Key Group. Click OK. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE The new key group will appear in the tree Double-click it to open the key group window The new Encryption Key Group will appear in the tree view of thenavigation pane. Double-click the new group entry to open the key group window for that group. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE Right-click in the new Encryption Key group and select Add key Provide key Name, Algorithm & Description To create a new key in the Encryption Key group, right-click in the group window and select Add Key. The New Key Object dialog appears. Enter a name for the key. Select the algorithm to use for encryption. Enter a description for this key. Click OK. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE The new key will appear in the Encryption Keys Group window The new key will appear in the Encryption Keys Group window. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE To set validity and assign users to the key, right- click the key and select Properties Set the date the key expires under Expiry Youll need to set the validity for the key, as well as assign users. To set the expiration date, click the pull-down under Expiry and select the date from the calendar applet. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE To allow the key to be used by machines that are offline, select Allow key to be cached locally To allow the key to be used by machines that are offline (not network connected), select Allow key to cached locally under Caching. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE Select the Users icon New keys default to All SafeBoot Users To assign specific users, click the Add button NOTE: Once specific users are assigned, only users on the list can change key properties Add the Administrator! To assign users to a key, select the Users Icon from the Key Properties window. Note that new keys default to an assignment of All SafeBoot Users. To assign the key to specific users, click the Add button. IMPORTANT NOTE: Once specific users have been assigned to a key, only users on the list can change the key properties. Be sure to add the SafeBoot Administrator to the users list for this key. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE Select users to assign Remember the Admin! Select the user(s) to assign and click OK. Dont forget to add the SafeBoot Administrator. 2007 McAfee, Inc. Creating Encryption Keys for SafeBoot CE The users assigned will appear on the properties for the key Note that All SafeBoot Users is automatically removed The users you selected will appear under, Restrict Access To in the key properties window. Notice that the entry for All SafeBoot Users has automatically been removed. Click Apply and then Close. 2007 McAfee, Inc. Creating Encryption Policies SafeBoot CE Polices determine allowed user actions Control automatic encryption File types, folders, etc Automatic encryption of removable media available New policies prevent critical operations by default Edit the policy to allow access to SafeBoot CE functions SafeBoot Content Encryption Policies define what functions a user can perform with the SafeBoot CE Client. For example, the users ability to create their own encrypted files can be switched off, as can the user's ability to manually decrypt data; however, you donot need to be able to decrypt a file to access it. SafeBoot CE policies also control the automatic encryption of information. For example, you can specify that all .doc files should be created as encrypted, or all files in My Documents should be encrypted, or, a folder on a network share. A policy may also specify that data written to removable media, such as USB memory devices and removable hard disks shall always automatically be encrypted. The default settings for a new policy group, or new policy object, prevent any sensitive/critical operation. If you want to allow access to the functions of SafeBoot CE you need to change the settings of the corresponding policy. 2007 McAfee, Inc. Creating Encryption Policies SafeBoot CE On the Policies tab, right-click Content Encryption Policy Groups Select Create Policy Group On the Policies tab, right-click Content Encryption Policy Groups. Select Create Policy Group. 2007 McAfee, Inc. Creating Encryption Policies SafeBoot CE Enter a name and description for the new Policy Group Enter a name and description for the new Policy Group. 2007 McAfee, Inc. Creating Encryption Policies SafeBoot CE The new Policy Group window will appear To add a new policy, right-click in the window and select Add The new Policy Group window will appear. To add a new policy, right-click in the window and select Add. 2007 McAfee, Inc. Creating Encryption Policies SafeBoot CE Provide a name and description for the new Policy Provide a name and description for the new Policy. 2007 McAfee, Inc. Creating Encryption Policies SafeBoot CE The new policy will appear in the Policy Group window Double-click the policy to view the properties The new policy will appear in the Policy Group window. Double-click the policy to view the properties. 2007 McAfee, Inc. Creating Encryption Policies SafeBoot CE Select the policy options that you want from the categories available Click Apply and Close Select the policy options that you want from the categories available. Click Apply and Close. 2007 McAfee, Inc. Assigning Policies to Users From the Users tab, find the user in the group you wish to assign and view the properties Click the Policies icon Click the Add button From the Users tab, find the user in the group you wish to assign and view the properties. Click the Policies icon. 2007 McAfee, Inc. Assigning Policies to Users Select the policy to assign and click OK Select the policy to assign and click OK. 81 2007 McAfee, Inc. 2. Client Installation McAfee SafeBoot Security 2007 McAfee, Inc. SafeBoot Client Installation SafeBoot Device Encryption client SafeBoot Content Encryption client Installed from previously created installation sets Install options; Manual via removable media Manual via Network share Login Script MSI Wrapper/3 rd party distribution The next step is the installation of the SafeBoot Device Encryption client, and the SafeBoot Content Encryption client, using the installation sets previously created. You can manually install the clients, or use other common methods such as executing from a network share or via a login script. For larger deployments, using a 3 rd party distribution mechanism such as SMS would be recommended. 2007 McAfee, Inc. SafeBoot Client Installation In this example, the installation set files have been placed in a network share called SafeBootShare. The client installation will be executed at the client from thisshare. 2007 McAfee, Inc. SafeBoot Device Encryption Client Install Double-click SAFEBOOT5x.EXE from the share Double-clicking the SAFEBOOT5x.EXE install set launches the SafeBoot DE client installation. Once complete, the Setup Complete dialog appears. SafeBoot Device Encryption client has been installed. 2007 McAfee, Inc. SafeBoot Content Encryption Client Installation Double-click SbCE.EXE from the share to launch the installer Click Next To install the SafeBoot Content Encryption Client, double-click the SbCE.EXE installation file from the share and click Next. The SafeBoot CE Installer will run. 2007 McAfee, Inc. SafeBoot Content Encryption Client Installation Once CE is installed, the Setup Complete dialog appears Restart the machine Once SafeBoot Content Encryption client has been installed, the Setup Complete dialog appears. Restart the machine to complete the installation. 2007 McAfee, Inc. SafeBoot Login After restart SafeBoot login appears Default password 12345 Set new, unique password After the machine restarts, the SafeBoot login screen will appear. Use the default password of 12345 for the initial login, and then change the password when prompted. 88 2007 McAfee, Inc. End Module SafeBoot Installation McAfee SafeBoot Security